renovate
renovate copied to clipboard
renovatebot
Keep changes in pubspec.lock to minimum
What would you like Renovate to be able to do?
For a Dart (flutter) project I'd like to be able to configure renovate such that the lock file (pubspec.lock) has versions updated for related dependencies only.
E.g. a pull request that updates package A 1.7.0 -> 2.1.0 changes pubspec.yaml to specify A: ^2.1.0 in place of A: ^1.0.0 and changes pubspec.lock to specify
-
2.1.0in place of1.7.0for A and -
3.1.5in place of3.0.2for B because [email protected] specifiesB: ^3.1.0.
Basically, the new lock file seems to be generated by running flutter pub upgrade, but I'd need it to be generated by running flutter pub upgrade A. That keeps changes in the lock file to a minimum.
I'm also using renovate for a nodejs project, which already behaves like this. That and the flutter project just extend the preset config:base with some package rules. The only difference is that the nodejs project uses pinned dependencies while the flutter one does not.
If you have any ideas on how this should be implemented, please tell us here.
lockFileMaintenance? range strategy? (as per https://github.com/renovatebot/renovate/discussions/19608)
I'm unsure because the nodejs project worked like that out-of-the-box.
Is this a feature you are interested in implementing yourself?
No
nodejs is working differently with lockfiles, so you can't compare with dart / flutter.
npm install only updates required does inside lockfile while dart upgrades all transitive deps.
Hi there,
Get your issue fixed faster by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.
Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this.
To get started, please read our guide on creating a minimal reproduction.
We may close the issue if you, or someone else, haven't created a minimal reproduction within two weeks. If you need more time, or are stuck, please ask for help or more time in a comment.
Good luck,
The Renovate team
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hello, I think I know what the issue is and have a way to address it. Can someone assign this issue to me?
Great to see someone working on this, thanks @zeshuaro
Here's a repository to showcase what I'm talking about: https://github.com/slosd/sample_renovatebot
$ flutter pub outdated
Showing outdated packages.
[*] indicates versions that are not the latest available.
Package Name Current Upgradable Resolvable Latest
direct dependencies:
built_value *8.0.0 8.4.3 8.4.3 8.4.3
provider *5.0.0 *5.0.0 6.0.5 6.0.5
url_launcher *6.0.0 6.1.7 6.1.7 6.1.7
The PR https://github.com/slosd/sample_renovatebot/pull/4 which is supposed to update provider v5 -> v6 also updates built_value v8.0.0 -> v8.4.3 and url_launcher v6.0.0 -> v6.1.7
Thanks for sharing the examples. I've also linked 2 sample Renovate PRs on my PR with and without my fix, which should produce the results you expect: https://github.com/renovatebot/renovate/pull/19825
I did have a look at these and that prompted me to add an example which involves direct dependencies.
Right, see this PR for the new behaviour in comparison to the one you shared: https://github.com/barriot/r2/pull/6/files
:tada: This issue has been resolved in version 34.107.0 :tada:
The release is available on:
- GitHub release
-
34.107.0
Your semantic-release bot :package::rocket:
